Posts

Showing posts with the label Networking

AWS VPC Lattice: The Missing Service Layer Between VPC Connectivity and Application Routing

AWS VPC Lattice is easiest to misunderstand when you treat it like another load balancer. The real value is a service-layer boundary for discovery, auth, routing, and observability across VPCs, accounts, and even on-prem entry paths.

TL;DR: AWS VPC Lattice is most useful when your problem is not raw network connectivity but service-to-service access control and routing across many boundaries. It gives you a service network abstraction, per-service listeners and target groups, IAM-backed auth policies, and request-level observability without forcing every team to hand-build PrivateLink, Route 53, and load balancer patterns from scratch. The important caveat is that it does not replace your VPC underlay, and some protocol choices, especially TLS passthrough, gRPC, and health checks, carry sharp constraints that you need to design for early. VPC Lattice works best when you treat it as a service a...

Gateway API vs Ingress: Why Modern Kubernetes Traffic Management Uses Attachment, Not Annotations

Ingress is still valid, but it stopped evolving. Gateway API gives Kubernetes teams a cleaner resource model for shared edge infrastructure, richer routing, and safer multi-namespace ownership.

TL;DR: Gateway API is the practical successor to Kubernetes Ingress for teams that need more than host and path routing. Instead of collapsing infrastructure, TLS, and application routing into one resource plus controller-specific annotations, it separates concerns across GatewayClass, Gateway, and HTTPRoute. That gives platform teams explicit entry points, application teams structured routing rules, and both sides a safer attachment model for shared gateways. The result is better portability, clearer ownership, richer HTTP routing, and a migration path that does not require an all-at-once cutover. Gateway API separates infrastructure ownership from routing ownership, replacing annotation-heavy in...

Private Amazon EKS Clusters and Ingress Patterns

In this article, we'll explore the intricacies of private Amazon EKS clusters and ingress patterns, providing practical guidance on designing resilient multi-cluster applications.

TL;DR: Private EKS clusters are ideal for sensitive workloads, but require careful consideration of ingress patterns. Understanding ingress patterns is crucial for cost control, as traffic within the same AZ is generally free, while cross-AZ and inter-region traffic incurs data transfer charges. We'll discuss common pitfalls to avoid when designing private EKS clusters and ingress patterns, explore the importance of using the AWS Load Balancer Controller and Application Load Balancer ingress for your EKS applications, and provide a checklist for setting up private EKS clusters and ingress patterns.

Designing Resilient Multi-Cluster Applications: When designing resilient multi-cluster applications, it's essentia...